name :
networkd-dispatcher
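#! /usr/bin/python3
# networkd-dispatcher
#   Dispatcher service for systemd-networkd
# Copyright(c) 2016 by wave++ "Yuri D'Elia" <wavexx@thregr.org>
# Distributed under GPLv3+ (see COPYING) WITHOUT ANY WARRANTY.
# Copyright(c) 2018-2020 by craftyguy "Clayton Craft" <clayton@craftyguy.net>
# Distributed under GPLv3+ (see COPYING) WITHOUT ANY WARRANTY.

from __future__ import print_function, division, generators, unicode_literals
import argparse
import collections
import errno
import json
import logging
import os
import pathlib
import re
import socket
import subprocess
import sys

# Try to import the dynamic glib, or try to fall back to static
try:
    from gi.repository import GLib as glib  # pragma: no cover
except ImportError:  # pragma: no cover
    import glib  # pragma: no cover

import dbus
import dbus.mainloop.glib

logger = logging.getLogger('networkd-dispatcher')


# Detect up-front which commands we use exist
def resolve_path(cmdname):
    """Return the first '<dir>/<cmdname>' that exists for a dir in PATH.

    Returns None (after logging a warning) when no PATH entry contains the
    command. Only existence is tested, not the executable bit.
    """
    # NOTE(review): the helper binaries are located through the inherited
    # PATH, and an empty PATH component makes os.path.join() yield a path
    # relative to the current directory. The service environment should pin
    # PATH to trusted, absolute directories.
    for dirname in os.environ['PATH'].split(':'):
        path = os.path.join(dirname, cmdname)
        if os.path.exists(path):
            return path
    logger.warning('No valid path found for %s', cmdname)
    return None


# Constants
NETWORKCTL = resolve_path('networkctl')
DEFAULT_SCRIPT_DIR = '/etc/networkd-dispatcher:/usr/lib/networkd-dispatcher'

# Supported wireless tools
IWCONFIG = resolve_path('iwconfig')
IW = resolve_path('iw')

LOG_FORMAT = '%(levelname)s:%(message)s'

# Keys of the networkctl status output stored as a single string, not a list
SINGLETONS = {'Type', 'ESSID', 'OperationalState'}

# taken from https://www.freedesktop.org/software/systemd/man/networkctl.html
ADMIN_STATES = ['configured', 'configuring', 'failed', 'pending', 'unmanaged',
                'linger', 'initialized']
OPER_STATES = ['carrier', 'degraded', 'degraded-carrier', 'dormant',
               'enslaved', 'missing', 'no-carrier', 'off', 'routable']

AddressList = collections.namedtuple('AddressList', ['ipv4', 'ipv6'])
NetworkctlListState = collections.namedtuple('NetworkctlListState',
                                             ['idx', 'name', 'type',
                                              'operational',
                                              'administrative'])


class UnknownState(Exception):
    """Raised by Dispatcher.handle_state for a state outside the known lists"""


def unquote(buf, char='\\'):
    """Remove escape characters from iwconfig ESSID output"""
    idx = 0
    while True:
        idx = buf.find(char, idx)
        if idx < 0:
            break
        # Drop the escape character itself; the character that followed it
        # now sits at idx and is skipped by the increment below, so an
        # escaped escape character survives as a single literal one.
        buf = buf[:idx] + buf[idx+1:]
        idx += 1
    return buf


def get_networkctl_list():
    """Update the mapping from interface index numbers to state

    Runs 'networkctl list' and returns one NetworkctlListState per output
    row. Returns an empty list when the command exits with an error. Rows
    that do not have exactly the expected fields, or whose index is not an
    integer, are logged and skipped instead of aborting the whole scan.
    """
    try:
        out = subprocess.check_output([NETWORKCTL, 'list', '--no-pager',
                                       '--no-legend'])
    except subprocess.CalledProcessError as e:
        logger.error('networkctl list failed: %s', e)
        return []
    result = []
    # The output ends with a newline, so the last split element is dropped
    for line in out.split(b'\n')[:-1]:
        fields = line.decode('utf-8', errors='replace').split()
        if len(fields) != len(NetworkctlListState._fields):
            logger.warning('Ignoring unexpected networkctl list line %r',
                           line)
            continue
        idx_s = fields.pop(0)
        try:
            idx = int(idx_s)
        except ValueError:
            logger.warning('Ignoring networkctl list line with non-numeric '
                           'index %r', line)
            continue
        result.append(NetworkctlListState(idx, *fields))
    return result


def get_networkctl_status(iface_name):
    """Return a dictionary mapping keys to lists (or strings if in
    SINGLETONS)

    The dictionary is empty when 'networkctl status' fails for the
    interface.
    """
    data = collections.defaultdict(list)
    try:
        # '--' keeps an interface name from being parsed as an option
        out = subprocess.check_output([NETWORKCTL, 'status', '--no-pager',
                                       '--no-legend', '--', iface_name])
    except subprocess.CalledProcessError as e:
        logger.error('Failed to get interface "%s" status: %s', iface_name, e)
        return data

    out = out.decode('utf-8', errors='replace')
    oldk = None
    # The first line and the trailing empty element are not key/value rows
    for line in out.split('\n')[1:-1]:
        kv = line.split(': ', 1)
        # A line without 'key: ' continues the previous key's value list
        k = oldk if len(kv) == 1 else kv[0].strip()
        v = kv[-1].strip()
        if not v:
            continue
        # normalize some values that changed in v244 & v246
        if k == 'Address':
            v = re.sub(r' \(DHCP4.*\)$', '', v)
        oldk = k
        if k in SINGLETONS:
            data[k] = v
        else:
            data[k].append(v)
    return data


def get_wlan_essid(iface_name):
    """Given an interface name, return its ESSID

    iwconfig is preferred when it was found at startup, otherwise iw is
    used. Returns '' when neither tool is available.
    """
    if IWCONFIG is None:
        if IW is None:
            logger.error('Unable to retrieve ESSID for wireless interface %s: '
                         'no supported wireless tool installed', iface_name)
            return ''
        return iw_get_ssid(iface_name)
    return iwconfig_get_ssid(iface_name)


def iw_get_ssid(iface_name):
    """Return the SSID reported by 'iw <iface> link', or '' if none is shown

    subprocess.CalledProcessError from the iw call is not caught here.
    """
    # NOTE(review): unlike the networkctl and iwconfig calls, no '--'
    # precedes the interface name here - confirm how iw treats a name that
    # begins with '-'.
    out = subprocess.check_output([IW, iface_name, 'link'])
    lines = out.decode('utf-8', errors='replace').split('\n')
    line = [s for s in lines if 'SSID' in s]
    if not line:
        logger.warning('Unable to retrieve ESSID for wireless interface '
                       '%s.', iface_name)
        return ''
    # Takes the second space-separated token of the first matching line
    essid = line[0].rsplit(" ")[1]
    return unquote(essid)


def iwconfig_get_ssid(iface_name):
    """Return the ESSID found on the first line of 'iwconfig <iface>' output

    subprocess.CalledProcessError from the iwconfig call is not caught here.
    """
    out = subprocess.check_output([IWCONFIG, '--', iface_name])
    line = out.split(b'\n')[0].decode('utf-8', errors='replace')
    # Slice between the opening quote after 'ESSID:' and the line's last
    # three characters
    essid = line[line.find('ESSID:')+7:-3]
    return unquote(essid)


def check_perms(path, mode=0o755, uid=0, gid=0):
    """ Check that the given file or dir @ path has the given mode set, and
    is owned by the given uid/gid. Symlinks are *not* followed. Raises
    FileNotFoundError if path doesn't exist.

    Returns True on an exact match of mode, uid and gid; otherwise logs the
    mismatch and returns False."""
    # os.path.exists() follows symlinks, so a dangling symlink is reported
    # as missing even though the stat below would not follow it
    if not os.path.exists(path):
        raise FileNotFoundError
    st = os.stat(path, follow_symlinks=False)
    # Keep only the permission, setuid/setgid and sticky bits
    st_mode = st.st_mode & 0x00FFF
    if st.st_uid == uid and st.st_gid == gid and st_mode == mode:
        return True
    logger.error("invalid permissions on %s. expected mode=%s, uid=%d, "
                 "gid=%d; got mode=%s, uid=%d, gid=%d", path, oct(mode), uid,
                 gid, oct(st_mode), st.st_uid, st.st_gid)
    return False


def scripts_in_path(path, subdir):
    """Given directory names in PATH notation (separated by :), and a
    subdirectory name, return a sorted list of executables contained in that
    subdirectory, such that executables in earlier path components override
    those with the same name in later path components.

    A script is only listed when its directory and its symlink-resolved
    target are both owned by uid 0 / gid 0 with mode 0755."""
    script_list = []
    base_filenames = set()
    for one_path in path.split(":"):
        one_path = os.path.join(one_path, subdir)
        if not os.path.exists(one_path):
            logger.debug("Path %r does not exist; skipping", one_path)
            continue
        base_filenames.update(os.listdir(one_path))

    for filename in sorted(base_filenames):
        for one_path in path.split(":"):
            pathname = os.path.join(one_path, subdir, filename)
            if os.path.isfile(pathname):
                try:
                    realpath = pathlib.Path(pathname).resolve()
                    # Make sure that the file's parent dir has the correct
                    # perms, without following any symlinks
                    if not check_perms(os.path.dirname(pathname),
                                       0o755, 0, 0):
                        continue
                    # Make sure file has correct perms, after following any
                    # symlink(s)
                    if not check_perms(realpath, 0o755, 0, 0):
                        continue
                except FileNotFoundError:
                    continue
                # NOTE(review): the checks above cover pathname's immediate
                # parent directory and the resolved target, but the
                # unresolved pathname is what gets returned and executed
                # later, with no re-validation at that point. The guarantee
                # therefore depends on every directory along both paths
                # (including the target's own directory, which is not
                # checked here) staying writable by root only.
                script_list.append(pathname)
                break

    return script_list


def parse_address_strings(addrs):
    """Given a list of addresses, discard uninteresting ones, and sort the
    rest into IPv4 vs IPv6"""
    ip4addrs = []
    ip6addrs = []
    for addr in addrs:
        # Prefixes 127. and fe80: are the ones treated as uninteresting
        if addr.startswith('127.') or \
                addr.startswith('fe80:'):
            continue
        if ':' in addr:
            ip6addrs.append(addr)
        elif '.' in addr:
            ip4addrs.append(addr)
    return AddressList(ip4addrs, ip6addrs)


def get_interface_data(iface):
    """Return JSON-serializable data representing all state needed to run
    hooks for the given interface"""
    data = {'Type': iface.type,
            'OperationalState': iface.operational,
            'AdministrativeState': iface.administrative,
            "InterfaceName": iface.name}
    # Always collect what data we can.
    data.update(get_networkctl_status(iface.name))
    # The returned state may be different than what was read from
    # 'networkctl list', so construct state based on the iface data.
    # See Issue #24.
    data['State'] = (data.get('OperationalState', '') + " (" +
                     data.get('AdministrativeState', '') + ")")
    if data.get('Type') == 'wlan':
        data['ESSID'] = get_wlan_essid(iface.name)
    return data


class Dispatcher():
    """Tracks interface state and runs the hook scripts for state changes"""

    # NOTE(review): both dictionaries are class attributes, so they are
    # shared by every Dispatcher instance in the process.
    iface_names_by_idx = {}  # only changed on rescan
    ifaces_by_name = {}  # updated on every state change

    def __init__(self, script_dir=DEFAULT_SCRIPT_DIR):
        """Remember the script search path and perform an initial scan"""
        self.script_dir = script_dir
        self._interface_scan()

    def __repr__(self):
        return '<Dispatcher(%r)>' % (self.__dict__,)

    def _interface_scan(self):
        """Refresh the interface tables from 'networkctl list'"""
        iface_list = get_networkctl_list()
        # Append new interfaces, keeping old ones around to avoid hotplug race
        # condition (issue #20)
        for i in iface_list:
            # NOTE(review): i is a NetworkctlListState tuple while the keys
            # of iface_names_by_idx are integer indexes, so this membership
            # test looks always true and existing entries are overwritten on
            # every scan - confirm whether 'i.idx' was intended.
            if i not in self.iface_names_by_idx:
                self.iface_names_by_idx[i.idx] = i.name
                self.ifaces_by_name[i.name] = i
        logger.debug('Performed interface scan; state: %r', self)

    def register(self, bus=None):
        """Register this dispatcher to handle events from the given bus"""
        if bus is None:
            bus = dbus.SystemBus()
        bus.add_signal_receiver(self._receive_signal,
                                bus_name='org.freedesktop.network1',
                                signal_name='PropertiesChanged',
                                path_keyword='path')

    def trigger_all(self):
        """Immediately invoke all scripts for the last known (or initial)
        states for each interface"""
        # The two literals are concatenated, so the first needs the trailing
        # space to keep "all" and "interfaces" apart in the log line
        logger.info('Triggering scripts for last-known state for all '
                    'interfaces')
        for iface_name, iface in self.ifaces_by_name.items():
            logger.debug('Running immediate triggers for %r', iface)
            try:
                self.handle_state(iface_name,
                                  administrative_state=iface.administrative,
                                  operational_state=iface.operational,
                                  force=True)
            except UnknownState as e:
                logger.exception("Unknown state for interface %s: %s",
                                 iface, str(e))
            except Exception:  # pylint: disable=broad-except
                logger.exception("Error handling initial state for "
                                 "interface %r", iface)

    def get_scripts_list(self, state):
        """Return scripts for the given state"""
        # The state string becomes a directory name, which is why
        # handle_state() checks it against the known state lists first
        return scripts_in_path(self.script_dir, state + ".d")

    def _handle_one_state(self, iface_name, state, state_type, force=False):
        """Process a single state change

        state_type names the NetworkctlListState field to update
        ('administrative' or 'operational'). Hooks run when the value
        differs from the stored one, or unconditionally when force is True.
        Any exception is logged and swallowed.
        """
        try:
            if state is None:
                return
            prior_iface = self.ifaces_by_name.get(iface_name)
            if prior_iface is None:
                logger.error('Attempting to handle state for unknown interface'
                             ' %r', iface_name)
                return
            prior_state = getattr(prior_iface, state_type)
            if force is False and state == prior_state:
                logger.debug('No change represented by %s state %r for '
                             'interface %r', state_type, state, iface_name)
                return
            new_iface = prior_iface._replace(**{state_type: state})
            self.ifaces_by_name[new_iface.name] = new_iface
            self.run_hooks_for_state(new_iface, state)
        # pylint: disable=broad-except
        except Exception:
            logger.exception('Error handling notification for interface %r '
                             'entering %s state %s', iface_name, state_type,
                             state)

    def handle_state(self, iface_name, administrative_state=None,
                     operational_state=None, force=False):
        """Validate the given states and process each one that is set

        Raises UnknownState when a non-empty state is not listed in
        ADMIN_STATES / OPER_STATES (compared in lower case). The check runs
        before either state is used to select a hook directory.
        """
        if (administrative_state and
                administrative_state.lower() not in ADMIN_STATES):
            raise UnknownState(administrative_state)
        if (operational_state and
                operational_state.lower() not in OPER_STATES):
            raise UnknownState(operational_state)
        self._handle_one_state(iface_name, administrative_state,
                               'administrative', force=force)
        self._handle_one_state(iface_name, operational_state, 'operational',
                               force=force)

    def run_hooks_for_state(self, iface, state):
        """Run all hooks associated with a given state"""
        # No actions to take? Do nothing.
        script_list = self.get_scripts_list(state)
        if not script_list:
            logger.debug('Ignoring notification for interface %r entering '
                         'state %r: no triggers', iface, state)
            return

        # Collect data
        data = get_interface_data(iface)

        (v4addrs, v6addrs) = parse_address_strings(data.get('Address', ()))

        # Set script env. variables
        # NOTE(review): ESSID and the json blob carry values read from tool
        # output (the ESSID is whatever the wireless network announces), so
        # hook scripts should treat these variables as untrusted data and
        # quote them.
        script_env = dict(os.environ)
        script_env.update({
            # First address, or '' when the interface has none
            'ADDR': (data.get('Address', ['']) + [''])[0],
            'ESSID': data.get('ESSID', ''),
            'IP_ADDRS': ' '.join(v4addrs),
            'IP6_ADDRS': ' '.join(v6addrs),
            'IFACE': iface.name,
            'STATE': str(state),
            'AdministrativeState': data.get('AdministrativeState', ''),
            'OperationalState': data.get('OperationalState', ''),
            'json': json.dumps(data, sort_keys=True),
        })

        # run all valid scripts in the list
        # NOTE(review): script_env includes this process's whole inherited
        # environment and is written to the log here and again on a non-zero
        # exit status; keep secrets out of the service environment or
        # restrict who can read the log.
        logger.debug('Running triggers for interface %r entering state %r '
                     'with environment %r', iface, state, script_env)
        for script in script_list:
            logger.info('Invoking %r for interface %s', script, iface.name)
            # script is a single path string, run directly without a shell;
            # each hook is waited for before the next one starts
            ret = subprocess.Popen(script, env=script_env).wait()
            if ret != 0:
                logger.warning('Exit status %r from script %r invoked with '
                               'environment %r', ret, script, script_env)

    def _receive_signal(self, typ, data, _, path):
        """Handle a PropertiesChanged signal for a networkd link object

        Signals for other interfaces or object paths are ignored. A link
        path whose index cannot be decoded is logged and ignored rather than
        raising out of the signal handler.
        """
        logger.debug('Signal: typ=%r, data=%r, path=%r', typ, data, path)
        if typ != 'org.freedesktop.network1.Link':
            logger.debug('Ignoring signal received with unexpected typ %r',
                         typ)
            return
        if not path.startswith('/org/freedesktop/network1/link/_'):
            logger.warning('Ignoring signal received with unexpected path %r',
                           path)
            return
        # Detect necessity of reloading map *before* filtering ignored states
        # http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/36460
        # The 32-character prefix checked above is stripped; the first two
        # remaining characters are the hex code of the index's first digit
        # and the rest are the following digits as-is.
        raw_idx = path[32:]
        try:
            idx = int(chr(int(raw_idx[:2], 16)) + raw_idx[2:])
        except ValueError:
            logger.warning('Ignoring signal with unparseable link index in '
                           'path %r', path)
            return

        if idx not in self.iface_names_by_idx:
            # Try to reload configuration if even an ignored message is seen
            logger.warning('Unknown index %r seen, reloading interface list',
                           idx)
            self._interface_scan()

        try:
            iface_name = self.iface_names_by_idx[idx]
        except KeyError:
            # Presumptive race condition: We reloaded, but the index is
            # still invalid
            logger.error('Unknown interface index %r seen even after reload',
                         idx)
            return

        operational_state = data.get('OperationalState', None)
        administrative_state = data.get('AdministrativeState', None)
        if ((operational_state is not None) or
                (administrative_state is not None)):
            try:
                # Values are converted to plain str; empty ones become None
                self.handle_state(iface_name,
                                  administrative_state=str(administrative_state)  # noqa
                                  if administrative_state else None,
                                  operational_state=str(operational_state)
                                  if operational_state else None,)
            except UnknownState as e:
                logger.exception("Unknown state for interface %s: %s",
                                 iface_name, str(e))
            # Handle interfaces that have been removed
            if administrative_state == 'linger':
                try:
                    self.iface_names_by_idx.pop(idx)
                    self.ifaces_by_name.pop(iface_name)
                except KeyError:
                    logger.error('Unable to remove interface at index %r.',
                                 idx)


def sd_notify(**kwargs):
    """Systemd sd_notify implementation for Python.
    Note: kwargs should contain the state to send to systemd

    Returns -errno.EINVAL when no state is given or NOTIFY_SOCKET is unset
    or malformed, 1 when the datagram was sent, and 0 otherwise. The socket
    is closed on every path."""
    if not kwargs:
        logger.error("sd_notify called with no state specified!")
        return -errno.EINVAL
    sock = None
    try:
        # Turn state, a dictionary, into a properly formatted string where
        # each 'key=val' combo in the dictionary is separated by a \n
        state_str = '\n'.join(['{0}={1}'.format(key, val)
                               for (key, val) in kwargs.items()])
        env = os.environ.get('NOTIFY_SOCKET', None)
        if not env:
            # Process was not invoked with systemd
            return -errno.EINVAL
        if env[0] not in ('/', '@'):
            logger.warning("NOTIFY_SOCKET is set, but does not contain a "
                           "legitimate value")
            return -errno.EINVAL
        if env[0] == '@':
            # A leading '@' is replaced by a NUL byte in the socket address
            env = '\0' + env[1:]
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        if sock.sendto(bytearray(state_str, 'utf-8'), env) > 0:
            return 1
    # pylint: disable=broad-except
    except Exception:
        logger.exception("Ignoring unexpected error during sd_notify() "
                         "invocation")
    finally:
        # Runs for the early returns too, so the descriptor is not left open
        # after a successful send
        if sock is not None:
            sock.close()
    return 0


def parse_args(args):
    """Parses arguments from command line"""
    ap = argparse.ArgumentParser(description='networkd dispatcher daemon')
    ap.add_argument('-S', '--script-dir', action='store',
                    default=DEFAULT_SCRIPT_DIR,
                    help='Location under which to look for scripts [default: '
                    '%(default)s]')
    ap.add_argument('-T', '--run-startup-triggers',
                    action='store_true',
                    help='Generate events reflecting preexisting state and '
                    'behavior on startup [default: %(default)s]')
    ap.add_argument('-v', '--verbose', action='count', default=0,
                    help='Increment verbosity level once per call')
    ap.add_argument('-q', '--quiet', action='count', default=0,
                    help='Decrement verbosity level once per call')
    return ap.parse_args(args)


def main():
    """Parse options, register on the system bus and run the main loop"""
    args = parse_args(sys.argv[1:])

    # Each -v raises and each -q lowers the level; WARNING is the default
    verbosity_num = (args.verbose - args.quiet)
    if verbosity_num <= -2:
        log_level = logging.CRITICAL
    elif verbosity_num <= -1:
        log_level = logging.ERROR
    elif verbosity_num == 0:
        log_level = logging.WARNING
    elif verbosity_num == 1:
        log_level = logging.INFO
    else:
        log_level = logging.DEBUG

    logging.basicConfig(level=log_level, format=LOG_FORMAT)

    dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)

    if NETWORKCTL is None:
        logger.critical('Unable to find networkctl command; cannot continue')
        sd_notify(ERRNO=errno.ENOENT)
        sys.exit(1)

    dispatcher = Dispatcher(script_dir=args.script_dir)
    dispatcher.register()

    # After configuring the receiver, run initial operations
    if args.run_startup_triggers:
        dispatcher.trigger_all()

    # main loop
    mainloop = glib.MainLoop()
    # Signal to systemd that service is running
    sd_notify(READY=1)
    logger.info('Startup complete')
    mainloop.run()


def init():
    """Run main() only when the file is executed as a script"""
    if __name__ == '__main__':
        main()


init()

# vim: ai et sts=4 sw=4 ts=4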